[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
pluginsync=true
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
server=puppet.example.org

Installing the Management Server

Let's get started with how to deploy Puppet-Foreman application in order to manage our OpenStack infrastructure.

Please noteForeman use Sqlite by default. Meanwhile it's recommended to use Mysql or Posgresql for production and/or large scale environments.

To use Mysql backend, follow the Mysql back section from the manual installation procedure described below. Postgresql integration is not covered.

We describe two installation methods for the Management application:

Automated

or

Manually

We recommend to use the automated approach.

Meanwhile, the manual approach walks you through the installation of the automated components. This should be helpful for some OpenStack scenarios and also for troubleshooting. The manual installation doesn't describe Apache/SSL/Passenger components yet.

Automated Installation

The Automated installation of the Management server provides:

Puppet Master

HTTPS service with Apache SSL and Passenger

Foreman Proxy (Smart-proxy) and Foreman

No SELinux

Before starting, make sure the Common Core definitions described earlier have been applied.

To get those services installed, configured and running, we basically use puppet itself with the following commands to be executed on the Management machine, host1.example.org for instance:

Set-up Foreman

Smart-Proxy

Once Foreman, Foreman-proxy service are up and running, we need to link them together.

First, let's log into Foreman GUI:

Then select “More -> Configuration -> Smart Proxies” in the menu located on the top end right.
And select the “New Proxy” button.
Add the definitions for a new proxy.

The name is only a description

The URL should match your FQDN management host and the smart-proxy port 8443. Use https or http depending if SSL is configured. By default SSL is configured in the automated installation and is not for the manual installation.

Then select the “Submit” button to validate.
For example:

Import OpenStack Puppet Modules

We need to download the Opentstack Puppet modules from the github project. All the OpenStack components are installed from those modules:

NoteTo use with scripts, you can add the “batch” option to the rake import command:

rake puppet:import:puppet_classes[batch]

Parameters

We must provide all the parameters required by the OpenStack puppet modules in order to configure the different components with those values.
Here is the list of all the parameters to defined into Foreman:

Name

Value

nova_db_password

changeme

verbose

true

mysql_root_password

changeme

keystone_db_password

changeme

glance_db_password

changeme

nova_db_password

changeme

keystone_admin_token

secret

admin_email

admin@example.org

admin_password

changeme

glance_user_password

changeme

nova_user_password

changeme

glance_user_password

changeme

private_interface

em1*

public_interface

em2*

fixed_network_range

10.100.10.0/24

floating_network_range

8.21.28.128/25

horizon_secret_key

secret

controller_node_public

10.100.0.2

*Adjust those values according to your network configuration

Using Foreman GUI, go to “More -> Configuration -> Global Parameters” and “Add Parameter” in order to create all parameters described in the previous table:

Hosts Groups

Host Groups are an easy way to group Puppet class modules and parameters. A host, when attached to a Host Group automatically inherits those definitions.
We manage the two OpenStack types of server using Foreman Host Groups.

So, we need to create two Host Groups:

OpenStack-Controller

OpenStack Compute Nodes

To create a Host Group:

Select the menu entry “More -> Configuration -> Host Groups”

Provide:

The name

The environment: Production is the default

The smart-proxy: Use the one created previously

So we create the first Host Group, "openstack-controller" and validate by selecting the “Submit” button at the bottom of the page:

We repeat the same operation to create the second Host Group, "openstack-compute":

Finally, we need to associate the OpenStack Controller and the OpenStack Compute classes
respectively to the two Host Groups we have created.

OpenStack Controller

To define the OpenStack Controller Host Group,
Edit the OpenStack-Controller Host Group and use the “Puppet Classes” tab and select the "TryStack class".
Activate the trystack and trystack::controller classes by clicking on the "+" icon.

OpenStack Compute

To define the OpenStack Compute Host Group,
Edit the openStack-compute Host Group and activate the trystack and trystack::compute classes:

Manage a Host

To make a system part of our OpenStack infrastructure we have to:

Make sure the host follows the Common Core definitions – See RHEL Core: Common definitions section above

Have the host's certificate signed so it's registered with the Management server

Assign the host either the openstack-controller or openstack-compute Host Group

Register Host Certificates

Using Autosign

With autosign option, the hosts can be automatically registered and visible from Foreman by
adding the hostnames to the /etc/puppet/autosign.conf file.

Signing Certificates

If you're not using the autosign option then you will have to sign the host certificate, using either:

Foreman GUI

Get on the Smart Proxies window from the menu "More -> Configuration -> Smart Proxies".
And select the "Certificates" from the drop-down button of the smart-proxy you created:

From there you can manage all the hosts certificates and get them signed.

The Command Line Interface

Assuming the Puppet agent (puppetd) is running on the host, the host certificate would have
been created on the Puppet Master and will be waiting to be signed:
From the Puppet Master host, use the “puppetca” tool with the command “list” to see the waiting
certificates, for example:

To sign a certificate, use the “sign” command and provide the hostame, for example:

puppetca sign host3.example.org

Assign a Host Group

Display the hosts using the “Hosts” button at the top Foreman GUI screen.

Then select the corresponding “Edit Host” drop-down button on the right side of the targeted host.

Assign the right environment and attach the appropriate Host Group to that host in order to make
it a Controller or a Compute node.

Save by hitting the “Submit” button.

Deploy OpenStack Components

We are done!

The OpenStack components will be installed when the Puppet agent synchronises with the
Management server. Effectively, the classes will be applied when the agent retrieves the catalog
from the Master and runs it.

You can also manually trigger the agent to check with the puppetmaster, to do so deactivate the agent on the targeted controller node run: